Istio support (#30)

* adding istio files * fix the envoy CMakList file * fix the envoy CMakList file * adding the .mod file * adding the webhook injector image * adding istio files * adding istio files * fix the envoy CMakList file * fix the envoy CMakList file * adding the .mod file * adding the webhook injector image * adding istio files * pulling from dev * fix the envoy CMakList file * adding istio files * fix missing header * fix wrong name of library * fix envoy CMakeLists * remove cloud guard names * remove cloud guard names * adding istio files * adding istio files * [JIRA] INXT-44274: test agent image * add Daniel fixes * remove zlib library * remove nano attachment ut
2025-09-30 03:34:27 +03:00 · 2025-02-11 12:01:51 +02:00
parent 26e2a38713
commit 23dbf06cd0
60 changed files with 11245 additions and 0 deletions
--- a/core/include/attachments/nano_attachment.h
+++ b/core/include/attachments/nano_attachment.h
@@ -0,0 +1,258 @@
+#ifndef __NANO_ATTACHMENT_H__
+#define __NANO_ATTACHMENT_H__
+
+#include "nano_attachment_common.h"
+
+typedef struct NanoAttachment NanoAttachment;
+
+///
+/// @brief Initializes a NanoAttachment structure.
+///
+/// This function initializes a NanoAttachment structure with the specified parameters and default values.
+///
+/// @param attachment_type The type of attachment to initialize.
+/// @param worker_id The ID of the worker associated with the attachment.
+/// @param num_of_workers The total number of workers.
+/// @param logging_fd The file descriptor for logging.
+///
+/// @return A pointer to the initialized NanoAttachment structure if the function completes, NULL otherwise.
+///
+NanoAttachment * InitNanoAttachment(uint8_t attachment_type, int worker_id, int num_of_workers, int logging_fd);
+
+///
+/// @brief Cleans up resources associated with a NanoAttachment structure and deallocates memory.
+///
+/// This function performs cleanup operations on a NanoAttachment structure and deallocates
+/// the memory associated with it.
+/// The function closes the logging file descriptor associated with the NanoAttachment
+/// and frees the memory allocated for the structure.
+///
+/// @param attachment A pointer to the NanoAttachment structure to be cleaned up.
+///
+void FiniNanoAttachment(NanoAttachment *attachment);
+
+///
+/// @brief Restarts the configuration of a NanoAttachment.
+///
+/// @param attachment A pointer to the NanoAttachment whose configuration is to be restarted.
+///
+/// @return A NanoCommunicationResult indicating the success or failure of the operation.
+
+NanoCommunicationResult RestartAttachmentConfiguration(NanoAttachment *attachment);
+
+///
+/// @brief Initializes a HttpSessionData structure with default values.
+///
+/// This function dynamically allocates memory for a HttpSessionData structure
+/// and initializes its fields with default values.
+///
+/// @param attachment A pointer to the NanoAttachment structure associated with the session.
+/// @param session_id The ID of the session to be initialized.
+///
+/// @return A pointer to the initialized HttpSessionData structure if the function completes, NULL otherwise.
+///
+HttpSessionData * InitSessionData(NanoAttachment *attachment, SessionID session_id);
+
+///
+/// @brief Cleans up and deallocates resources associated with a HttpSessionData structure.
+///
+/// This function performs cleanup operations on a HttpSessionData structure and deallocates
+/// the memory associated with it. It writes a debug message indicating the session ID being
+/// freed, and then frees the memory allocated for the HttpSessionData structure.
+///
+/// @param attachment A pointer to the NanoAttachment structure associated with the session.
+/// @param session_data A pointer to the HttpSessionData structure to be cleaned up.
+///
+void FiniSessionData(NanoAttachment *attachment, HttpSessionData *session_data);
+
+///
+/// @brief Updates a metric associated with a NanoAttachment.
+///
+/// This function updates a metric associated with a NanoAttachment structure
+/// based on the provided metric type and value. It delegates the actual updating
+/// of the metric to the helper function updateMetricField.
+///
+/// @param attachment A pointer to the NanoAttachment structure associated with the metric.
+/// @param metric The type of metric to be updated.
+/// @param value The value to be incorporated into the metric calculation.
+///
+void UpdateMetric(NanoAttachment *attachment, AttachmentMetricType metric, uint64_t value);
+
+///
+/// @brief Sends metric data that been accumulated in the attachment to the service.
+///
+/// @param attachment A pointer to the NanoAttachment structure associated with the metric.
+///
+void SendAccumulatedMetricData(NanoAttachment *attachment);
+
+///
+/// @brief Processes and sends attachment data to the appropriate handlers.
+///
+/// This function processes the attachment data based on its chunk type and sends
+/// it to the appropriate handler functions. If the chunk type is not recognized,
+/// it sets a default verdict of ATTACHMENT_VERDICT_INSPECT and returns an AttachmentVerdictResponse
+/// structure containing the default verdict and the session ID from the provided AttachmentData.
+///
+/// @param attachment A pointer to the NanoAttachment structure associated with the data.
+/// @param data A pointer to the AttachmentData structure containing the data to be processed.
+///
+/// @return An AttachmentVerdictResponse structure containing the verdict and session ID.
+///
+AttachmentVerdictResponse SendDataNanoAttachment(NanoAttachment *attachment, AttachmentData *data);
+
+///
+/// @brief Sends a keep-alive signal using a socket connection.
+///
+/// @param attachment A pointer to a NanoAttachment struct containing attachment information.
+///
+void SendKeepAlive(NanoAttachment *attachment);
+
+///
+/// @brief Checks if a session is finalized based on the session's verdict.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+///
+/// @return Returns 0 if the session is not finalized, 1 otherwise.
+///
+int IsSessionFinalized(NanoAttachment *attachment, HttpSessionData *session_data);
+
+///
+/// @brief Checks if the response contains modifications.
+///
+/// This function determines whether the provided response contains modifications.
+///
+/// @param attachment A pointer to a NanoAttachment structure representing the attachment.
+/// @param session_data A pointer to a HttpSessionData structure containing session data.
+/// @param response A pointer to an AttachmentVerdictResponse structure representing the response.
+///
+/// @return 1 if the response contains modifications, 0 otherwise.
+///
+int IsResponseWithModification(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    AttachmentVerdictResponse *response
+);
+
+///
+/// @brief Retrieves response modifications from the given attachment and session data.
+///
+/// @param attachment Pointer to a NanoAttachment object.
+/// @param session_data Pointer to HttpSessionData object containing session information.
+/// @param response Pointer to an AttachmentVerdictResponse object.
+///
+/// @return NanoResponseModifications structure containing response modifications.
+///
+NanoResponseModifications GetResponseModifications(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    AttachmentVerdictResponse *response
+);
+
+///
+/// @brief Retrieves the type of web response associated with the given attachment and session data.
+///
+/// This function checks if the provided response object contains valid web response data.
+/// If the response object is null, it logs a warning and returns NO_WEB_RESPONSE.
+/// Otherwise, it returns the type of web response contained in the response object.
+///
+/// @param attachment    Pointer to the NanoAttachment structure associated with the request.
+/// @param session_data  Pointer to the HttpSessionData structure containing session-related data.
+/// @param response      Pointer to the AttachmentVerdictResponse structure containing response data.
+///
+/// @return The type of web response, or NO_WEB_RESPONSE if no response object is provided.
+///
+NanoWebResponseType GetWebResponseType(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    AttachmentVerdictResponse *response
+);
+
+///
+/// @brief Retrieves the block page data for a response.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+/// @param response The AttachmentVerdictResponse object containing the verdict.
+///
+/// @return
+///
+BlockPageData GetBlockPage(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    AttachmentVerdictResponse *response
+);
+
+///
+/// @brief Retrieves the redict page data for a response.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+/// @param response The AttachmentVerdictResponse object containing the verdict.
+///
+/// @return
+///
+RedirectPageData GetRedirectPage(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    AttachmentVerdictResponse *response
+);
+
+///
+/// @brief Free allocated resources of an AttachmentVerdictResponse.
+///
+/// This function frees the allocated resources of an AttachmentVerdictResponse.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+/// @param response The AttachmentVerdictResponse object to be freed.
+///
+void FreeAttachmentResponseContent(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    AttachmentVerdictResponse *response
+);
+
+///
+/// @brief Compresses HttpBody and return allocated compressed body.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+/// @param bodies The bodies pointer to be compressed.
+///
+HttpBody * compressBody(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    HttpBody *bodies
+);
+
+///
+/// @brief Compresses HttpBody and return allocated compressed body.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+/// @param bodies The bodies pointer to be decompressed.
+///
+HttpBody * decompressBody(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    HttpBody *bodies
+);
+
+///
+/// @brief Free allocated compressed body.
+///
+/// This function frees the allocated resources of HttpBody object.
+///
+/// @param attachment The NanoAttachment object associated with the session.
+/// @param session_data The HttpSessionData object representing the session.
+/// @param bodies The bodies pointer to be freed.
+///
+void
+freeCompressedBody(
+    NanoAttachment *attachment,
+    HttpSessionData *session_data,
+    HttpBody *bodies
+);
+
+#endif // __NANO_ATTACHMENT_H__
--- a/core/include/attachments/nano_attachment_common.h
+++ b/core/include/attachments/nano_attachment_common.h
@@ -0,0 +1,489 @@
+#ifndef __NANO_ATTACHMENT_COMMON_H__
+#define __NANO_ATTACHMENT_COMMON_H__
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <sys/types.h>
+#include <assert.h>
+
+#include "compression_utils.h"
+
+typedef uint32_t SessionID;
+typedef void* DataBuffer;
+
+#define MAX_NGINX_UID_LEN 32
+#define MAX_SHARED_MEM_PATH_LEN 128
+#define NUM_OF_NGINX_IPC_ELEMENTS 200
+#define DEFAULT_KEEP_ALIVE_INTERVAL_MSEC 300000u
+#define SHARED_MEM_PATH "/dev/shm/"
+#define SHARED_REGISTRATION_SIGNAL_PATH SHARED_MEM_PATH "check-point/cp-nano-attachment-registration"
+#define SHARED_KEEP_ALIVE_PATH SHARED_MEM_PATH "check-point/cp-nano-attachment-registration-expiration-socket"
+#define SHARED_VERDICT_SIGNAL_PATH SHARED_MEM_PATH "check-point/cp-nano-http-transaction-handler"
+#define SHARED_ATTACHMENT_CONF_PATH SHARED_MEM_PATH "cp_nano_http_attachment_conf"
+#define DEFAULT_STATIC_RESOURCES_PATH SHARED_MEM_PATH "static_resources"
+#define INJECT_POS_IRRELEVANT -1
+#define CORRUPTED_SESSION_ID 0
+#define METRIC_PERIODIC_TIMEOUT 600
+#define MAX_CONTAINER_ID_LEN 12
+#define CONTAINER_ID_FILE_PATH "/proc/self/cgroup"
+#define RESPONSE_PAGE_PARTS 4
+#define UUID_SIZE 64
+#define CUSTOM_RESPONSE_TITLE_SIZE 64
+#define CUSTOM_RESPONSE_BODY_SIZE 128
+#define REDIRECT_RESPONSE_LOCATION_SIZE 512
+
+#ifdef __cplusplus
+typedef enum class NanoWebResponseType
+#else
+typedef enum NanoWebResponseType
+#endif
+{
+    CUSTOM_WEB_RESPONSE,
+    REDIRECT_WEB_RESPONSE,
+
+    NO_WEB_RESPONSE
+} NanoWebResponseType;
+
+#ifdef __cplusplus
+typedef enum class NanoHttpInspectionMode
+#else
+typedef enum NanoHttpInspectionMode
+#endif
+{
+    NON_BLOCKING_THREAD,
+    BLOCKING_THREAD,
+    NO_THREAD,
+
+    INSPECTION_MODE_COUNT
+} NanoHttpInspectionMode;
+
+#ifdef __cplusplus
+typedef enum class NanoCommunicationResult
+#else
+typedef enum NanoCommunicationResult
+#endif
+{
+    NANO_OK,
+    NANO_ERROR,
+    NANO_ABORT,
+    NANO_AGAIN,
+    NANO_HTTP_FORBIDDEN,
+    NANO_DECLINED,
+    NANO_TIMEOUT
+} NanoCommunicationResult;
+
+#ifdef __cplusplus
+typedef enum class nano_http_cp_debug_level
+#else
+typedef enum nano_http_cp_debug_level
+#endif
+{
+    DBG_LEVEL_TRACE,
+    DBG_LEVEL_DEBUG,
+    DBG_LEVEL_INFO,
+    DBG_LEVEL_WARNING,
+    DBG_LEVEL_ERROR,
+#ifndef __cplusplus
+    DBG_LEVEL_ASSERT,
+#endif
+    DBG_LEVEL_COUNT
+} nano_http_cp_debug_level_e;
+
+#ifdef __cplusplus
+typedef enum class AttachmentMetricType
+#else
+typedef enum AttachmentMetricType
+#endif
+{
+    TRANSPARENTS_COUNT,
+    TOTAL_TRANSPARENTS_TIME,
+    INSPECTION_OPEN_FAILURES_COUNT,
+    INSPECTION_CLOSE_FAILURES_COUNT,
+    INSPECTION_SUCCESSES_COUNT,
+    INJECT_VERDICTS_COUNT,
+    DROP_VERDICTS_COUNT,
+    ACCEPT_VERDICTS_COUNT,
+    IRRELEVANT_VERDICTS_COUNT,
+    RECONF_VERDICTS_COUNT,
+    INSPECT_VERDICTS_COUNT,
+    HOLD_VERDICTS_COUNT,
+    AVERAGE_OVERALL_PPROCESSING_TIME_UNTIL_VERDICT,
+    MAX_OVERALL_PPROCESSING_TIME_UNTIL_VERDICT,
+    MIN_OVERALL_PPROCESSING_TIME_UNTIL_VERDICT,
+    AVERAGE_REQ_PPROCESSING_TIME_UNTIL_VERDICT,
+    MAX_REQ_PPROCESSING_TIME_UNTIL_VERDICT,
+    MIN_REQ_PPROCESSING_TIME_UNTIL_VERDICT,
+    AVERAGE_RES_PPROCESSING_TIME_UNTIL_VERDICT,
+    MAX_RES_PPROCESSING_TIME_UNTIL_VERDICT,
+    MIN_RES_PPROCESSING_TIME_UNTIL_VERDICT,
+    THREAD_TIMEOUT,
+    REG_THREAD_TIMEOUT,
+    REQ_METADATA_THREAD_TIMEOUT,
+    REQ_HEADER_THREAD_TIMEOUT,
+    REQ_BODY_THREAD_TIMEOUT,
+    REQ_END_THREAD_TIMEOUT,
+    AVERAGE_REQ_BODY_SIZE_UPON_TIMEOUT,
+    MAX_REQ_BODY_SIZE_UPON_TIMEOUT,
+    MIN_REQ_BODY_SIZE_UPON_TIMEOUT,
+    RES_HEADER_THREAD_TIMEOUT,
+    RES_BODY_THREAD_TIMEOUT,
+    RES_END_THREAD_TIMEOUT,
+    HOLD_THREAD_TIMEOUT,
+    AVERAGE_RES_BODY_SIZE_UPON_TIMEOUT,
+    MAX_RES_BODY_SIZE_UPON_TIMEOUT,
+    MIN_RES_BODY_SIZE_UPON_TIMEOUT,
+    THREAD_FAILURE,
+    REQ_PROCCESSING_TIMEOUT,
+    RES_PROCCESSING_TIMEOUT,
+    REQ_FAILED_TO_REACH_UPSTREAM,
+    REQ_FAILED_COMPRESSION_COUNT,
+    RES_FAILED_COMPRESSION_COUNT,
+    REQ_FAILED_DECOMPRESSION_COUNT,
+    RES_FAILED_DECOMPRESSION_COUNT,
+    REQ_SUCCESSFUL_COMPRESSION_COUNT,
+    RES_SUCCESSFUL_COMPRESSION_COUNT,
+    REQ_SUCCESSFUL_DECOMPRESSION_COUNT,
+    RES_SUCCESSFUL_DECOMPRESSION_COUNT,
+    CORRUPTED_ZIP_SKIPPED_SESSION_COUNT,
+    CPU_USAGE,
+    AVERAGE_VM_MEMORY_USAGE,
+    AVERAGE_RSS_MEMORY_USAGE,
+    MAX_VM_MEMORY_USAGE,
+    MAX_RSS_MEMORY_USAGE,
+    REQUEST_OVERALL_SIZE_COUNT,
+    RESPONSE_OVERALL_SIZE_COUNT,
+
+    METRIC_TYPES_COUNT
+} AttachmentMetricType;
+
+#ifdef __cplusplus
+typedef enum class AttachmentDataType
+#else
+typedef enum AttachmentDataType
+#endif
+{
+    REQUEST_START,
+    REQUEST_HEADER,
+    REQUEST_BODY,
+    REQUEST_END,
+    RESPONSE_CODE,
+    RESPONSE_HEADER,
+    RESPONSE_BODY,
+    RESPONSE_END,
+    CONTENT_LENGTH,
+    METRIC_DATA_FROM_PLUGIN,
+    REQUEST_DELAYED_VERDICT
+} AttachmentDataType;
+
+#ifdef __cplusplus
+typedef enum class HttpChunkType
+#else
+typedef enum HttpChunkType
+#endif
+{
+    HTTP_REQUEST_FILTER,
+    HTTP_REQUEST_METADATA,
+    HTTP_REQUEST_HEADER,
+    HTTP_REQUEST_BODY,
+    HTTP_REQUEST_END,
+    HTTP_RESPONSE_HEADER,
+    HTTP_RESPONSE_BODY,
+    HTTP_RESPONSE_END,
+    HOLD_DATA
+} HttpChunkType;
+
+#ifdef __cplusplus
+typedef enum class ServiceVerdict
+#else
+typedef enum ServiceVerdict
+#endif
+{
+    TRAFFIC_VERDICT_INSPECT,
+    TRAFFIC_VERDICT_ACCEPT,
+    TRAFFIC_VERDICT_DROP,
+    TRAFFIC_VERDICT_INJECT,
+    TRAFFIC_VERDICT_IRRELEVANT,
+    TRAFFIC_VERDICT_RECONF,
+    TRAFFIC_VERDICT_DELAYED
+} ServiceVerdict;
+
+#ifdef __cplusplus
+typedef enum class AttachmentVerdict
+#else
+typedef enum AttachmentVerdict
+#endif
+{
+    ATTACHMENT_VERDICT_INSPECT,
+    ATTACHMENT_VERDICT_ACCEPT,
+    ATTACHMENT_VERDICT_DROP,
+    ATTACHMENT_VERDICT_INJECT
+} AttachmentVerdict;
+
+#ifdef __cplusplus
+typedef enum class HttpModificationType
+#else
+typedef enum HttpModificationType
+#endif
+{
+    APPEND,
+    INJECT,
+    REPLACE
+} HttpModificationType;
+
+typedef struct __attribute__((__packed__)) HttpInjectData {
+    int64_t injection_pos;
+    HttpModificationType mod_type;
+    uint16_t injection_size;
+    uint8_t is_header;
+    uint8_t orig_buff_index;
+    char data[0];
+} HttpInjectData;
+
+typedef struct __attribute__((__packed__)) HttpWebResponseData {
+    uint8_t web_response_type;
+    uint8_t uuid_size;
+
+    union {
+        struct __attribute__((__packed__)) NanoHttpCpCustomWebResponseData {
+            uint16_t response_code;
+            uint8_t title_size;
+            uint8_t body_size;
+            char data[0];
+        } custom_response_data;
+
+        struct __attribute__((__packed__)) NanoHttpCpRedirectData {
+            uint8_t unused_dummy;
+            uint8_t add_event_id;
+            uint16_t redirect_location_size;
+            char redirect_location[0];
+        } redirect_data;
+    } response_data;
+} HttpWebResponseData;
+
+typedef struct {
+    size_t              len;
+    unsigned char       *data;
+} nano_str_t;
+
+typedef struct CustomResponseData {
+    uint16_t response_code;
+    unsigned char title[CUSTOM_RESPONSE_TITLE_SIZE];
+    unsigned char body[CUSTOM_RESPONSE_BODY_SIZE];
+} CustomResponseData;
+
+typedef struct RedirectData {
+    unsigned char redirect_location[REDIRECT_RESPONSE_LOCATION_SIZE];
+} RedirectData;
+
+typedef struct WebResponseData {
+    NanoWebResponseType web_response_type;
+    unsigned char uuid[UUID_SIZE];
+    DataBuffer data;
+} WebResponseData;
+
+#ifdef __cplusplus
+typedef enum class HttpMetaDataType
+#else
+typedef enum HttpMetaDataType
+#endif
+{
+    HTTP_PROTOCOL_SIZE,
+    HTTP_PROTOCOL_DATA,
+    HTTP_METHOD_SIZE,
+    HTTP_METHOD_DATA,
+    HOST_NAME_SIZE,
+    HOST_NAME_DATA,
+    LISTENING_ADDR_SIZE,
+    LISTENING_ADDR_DATA,
+    LISTENING_PORT,
+    URI_SIZE,
+    URI_DATA,
+    CLIENT_ADDR_SIZE,
+    CLIENT_ADDR_DATA,
+    CLIENT_PORT,
+    PARSED_HOST_SIZE,
+    PARSED_HOST_DATA,
+    PARSED_URI_SIZE,
+    PARSED_URI_DATA,
+
+    META_DATA_COUNT
+} HttpMetaDataType;
+
+#ifdef __cplusplus
+typedef enum class HttpHeaderDataType
+#else
+typedef enum HttpHeaderDataType
+#endif
+{
+    HEADER_KEY_SIZE,
+    HEADER_KEY_DATA,
+    HEADER_VAL_SIZE,
+    HEADER_VAL_DATA,
+
+    HEADER_DATA_COUNT
+} HttpHeaderDataType;
+
+/// @struct NanoHttpModificationList
+/// @brief A node that holds all the information regarding modifications.
+typedef struct NanoHttpModificationList {
+    struct NanoHttpModificationList *next; ///< Next node.
+    HttpInjectData modification; ///< Modification data.
+    char *modification_buffer; ///< Modification buffer used to store extra needed data.
+} NanoHttpModificationList;
+
+/// @struct NanoHttpResponseData
+/// Holds all the data for Compression in a session.
+typedef struct {
+
+    /// Original compression type, can hold the following values:
+    /// - #GZIP
+    /// - #ZLIB
+    CompressionType   compression_type;
+
+    /// Compression stream
+    CompressionStream *compression_stream;
+
+    /// Decompression stream
+    CompressionStream *decompression_stream;
+} NanoHttpResponseData;
+
+/// @struct HttpSessionData
+/// @brief Holds all the session's information needed to communicate with the nano service.
+/// @details Such as to save verdict and session ID between the request and the response
+typedef struct HttpSessionData {
+    int                    was_request_fully_inspected; ///< Holds if the request fully inspected.
+    ServiceVerdict         verdict; ///< Holds the session's verdict from the Nano Service.
+    uint32_t               session_id; ///< Current session's Id.
+    unsigned int           remaining_messages_to_reply; ///< Remaining messages left for the agent to respond to.
+
+    NanoHttpResponseData   response_data; ///< Holds session's response data.
+
+    double                 req_proccesing_time; ///< Holds session's request processing time.
+    double                 res_proccesing_time; ///< Holds session's response processing time.
+    uint64_t               processed_req_body_size; ///< Holds session's request body's size.
+    uint64_t               processed_res_body_size; ///< Holds session's response body's size'.
+} HttpSessionData;
+
+typedef struct HttpMetaData {
+    nano_str_t http_protocol;
+    nano_str_t method_name;
+    nano_str_t host;
+    nano_str_t listening_ip;
+    uint16_t   listening_port;
+    nano_str_t uri;
+    nano_str_t client_ip;
+    uint16_t   client_port;
+    nano_str_t parsed_host;
+    nano_str_t parsed_uri;
+} HttpMetaData;
+
+typedef struct HttpHeaderData {
+    nano_str_t key;
+    nano_str_t value;
+} HttpHeaderData;
+
+typedef struct HttpHeaders {
+    HttpHeaderData *data;
+    size_t headers_count;
+} HttpHeaders;
+
+typedef struct HttpRequestFilterData {
+    HttpMetaData *meta_data;
+    HttpHeaders *req_headers;
+    bool contains_body;
+} HttpRequestFilterData;
+
+typedef struct ResHttpHeaders {
+    HttpHeaders *headers;
+    uint16_t response_code;
+    uint64_t content_length;
+} ResHttpHeaders;
+
+typedef struct HttpBody {
+    nano_str_t *data;
+    size_t bodies_count;
+} HttpBody;
+
+typedef struct AttachmentData {
+    SessionID session_id;
+    HttpChunkType chunk_type;
+    HttpSessionData *session_data;
+    DataBuffer data;
+} AttachmentData;
+
+typedef union __attribute__((__packed__)) HttpModifyData {
+    HttpInjectData inject_data[0];
+    HttpWebResponseData web_response_data[0];
+} HttpModifyData;
+
+typedef struct __attribute__((__packed__)) HttpReplyFromService {
+    uint16_t verdict;
+    SessionID session_id;
+    uint8_t modification_count;
+    HttpModifyData modify_data[0];
+} HttpReplyFromService;
+
+typedef struct AttachmentVerdictResponse {
+    AttachmentVerdict verdict;
+    SessionID session_id;
+    WebResponseData *web_response_data;
+    NanoHttpModificationList *modifications;
+} AttachmentVerdictResponse;
+
+typedef struct __attribute__((__packed__)) AttachmentRequest {
+    struct __attribute__((__packed__)) connection {
+        int sockaddr;
+        int local_sockaddr;
+    } connection;
+
+    struct __attribute__((__packed__)) http_protocol {
+        int len;
+        int data;
+    } http_protocol;
+
+    struct __attribute__((__packed__)) method {
+        int name;
+        int data;
+    } method;
+
+    struct __attribute__((__packed__)) uri {
+        int len;
+        int data;
+    } uri;
+
+    struct __attribute__((__packed__)) unparsed_uri {
+        int len;
+        int data;
+    } unparsed_uri;
+} AttachmentRequest;
+
+typedef struct BlockPageData {
+    uint16_t response_code;
+    nano_str_t title_prefix;
+    nano_str_t title;
+    nano_str_t body_prefix;
+    nano_str_t body;
+    nano_str_t uuid_prefix;
+    nano_str_t uuid;
+    nano_str_t uuid_suffix;
+} BlockPageData;
+
+typedef struct RedirectPageData {
+    nano_str_t redirect_location;
+} RedirectPageData;
+
+typedef struct NanoResponseModifications {
+    NanoHttpModificationList *modifications;
+} NanoResponseModifications;
+
+typedef struct __attribute__((__packed__)) NanoHttpMetricData {
+    uint16_t data_type;
+#ifdef __cplusplus
+    uint64_t data[static_cast<int>(AttachmentMetricType::METRIC_TYPES_COUNT)];
+#else
+    uint64_t data[METRIC_TYPES_COUNT];
+#endif
+} NanoHttpMetricData;
+
+#endif // __NANO_ATTACHMENT_COMMON_H__
--- a/core/include/attachments/nano_attachment_util.h
+++ b/core/include/attachments/nano_attachment_util.h
@@ -0,0 +1,67 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __NGINX_ATTACHMENT_UTIL__
+#define __NGINX_ATTACHMENT_UTIL__
+
+#include <stdio.h>
+
+#include "nano_attachment_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+#define IP_STR_MAX_LEN 40
+
+typedef const char * c_str;
+
+int initAttachmentConfig(c_str conf_file);
+
+NanoHttpInspectionMode getInspectionMode();
+unsigned int getNumOfNginxIpcElements();
+unsigned int getKeepAliveIntervalMsec();
+unsigned int getDbgLevel();
+int isDebugContext(c_str client, c_str server, unsigned int port, c_str method, c_str host, c_str uri);
+c_str getStaticResourcesPath();
+
+int isFailOpenMode();
+unsigned int getFailOpenTimeout();
+
+int isFailOpenHoldMode();
+unsigned int getFailOpenHoldTimeout();
+
+unsigned int getMaxSessionsPerMinute();
+int isFailOpenOnSessionLimit();
+
+unsigned int getRegistrationThreadTimeout();
+
+unsigned int getReqProccessingTimeout();
+unsigned int getReqHeaderThreadTimeout();
+unsigned int getReqBodyThreadTimeout();
+
+unsigned int getResProccessingTimeout();
+unsigned int getResHeaderThreadTimeout();
+unsigned int getResBodyThreadTimeout();
+
+unsigned int getWaitingForVerdictThreadTimeout();
+
+int isIPAddress(c_str ip_str);
+int isSkipSource(c_str ip_str);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // __NGINX_ATTACHMENT_UTIL__
--- a/core/include/attachments/shmem_ipc_2.h
+++ b/core/include/attachments/shmem_ipc_2.h
@@ -0,0 +1,79 @@
+// Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __SHMEM_IPC_H__
+#define __SHMEM_IPC_H__
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif // __cplusplus
+
+typedef struct LoggingData LoggingData;
+typedef struct SharedMemoryIPC SharedMemoryIPC;
+extern const int corrupted_shmem_error;
+
+LoggingData * initLoggingData(int dbg_level, int worker_id, int fd);
+
+SharedMemoryIPC * initIpc(
+    const char queue_name[32],
+    const uint32_t user_id,
+    const uint32_t group_id,
+    int is_owner,
+    uint16_t num_of_queue_elem,
+    const LoggingData *logging_data,
+    void (*debug_func)(
+        const LoggingData *loggin_data,
+        uint32_t worker_id,
+        int is_error,
+        const char *func,
+        const char *file,
+        int line_num,
+        const char *fmt,
+        ...
+    )
+);
+
+void destroyIpc(SharedMemoryIPC *ipc, int is_owner);
+
+int sendData(SharedMemoryIPC *ipc, const uint16_t data_to_send_size, const char *data_to_send);
+
+int
+sendChunkedData(
+    SharedMemoryIPC *ipc,
+    const uint16_t *data_to_send_sizes,
+    const char **data_elem_to_send,
+    const uint8_t num_of_data_elem
+);
+
+int receiveData(SharedMemoryIPC *ipc, uint16_t *received_data_size, const char **received_data);
+
+int popData(SharedMemoryIPC *ipc);
+
+int isDataAvailable(SharedMemoryIPC *ipc);
+
+void resetIpc(SharedMemoryIPC *ipc, uint16_t num_of_data_segments);
+
+void dumpIpcMemory(SharedMemoryIPC *ipc);
+
+int isCorruptedShmem(SharedMemoryIPC *ipc, int is_owner);
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif // __SHMEM_IPC_H__